GDPR & CNIL Compliance

Privacy Policy

Last updated: March 19, 2026

ZIYØN SAS places the utmost importance on the protection of your personal data. As an artificial intelligence infrastructure company, data security and privacy are at the core of our architecture.

1. Identity of the Data Controller

The data controller for personal data collected through our applications (pathfinder.ziyon.fr, lumen.ziyon.fr, marttin.com.br) is:

  • ZIYØN SAS
  • SIREN: 978 303 923
  • Registered Office: 60 RUE FRANCOIS IER, 75008 Paris, France
  • Data Protection Officer: privacy@ziyon.fr

2. Data Collected and Processed

We process only the data strictly necessary for institutional performance:

  • Identification: Full name, email address, account IDs.
  • Usage Data: Connection logs, IP addresses, and privacy-first telemetry (Matomo).
  • Transactional Data: Payment history via Stripe (no raw card data is stored on ZIYØN servers).
  • Psychometric Data: OCEAN/RIASEC raw scores and skills. This data is processed strictly on the basis of explicit user consent.

3. Purposes and Legal Basis

Purpose | Legal Basis (GDPR)
Provision of SaaS Infrastructure | Performance of a contract (Art. 6.1.b)
Psychometric Analysis & Roadmaps | Explicit consent (Art. 9.2.a)
Security & Analytics Optimization | Legitimate interest (Art. 6.1.f)

4. Processing by Artificial Intelligence (Helyus)

Algorithmic transparency is central to the Helyus infrastructure:

  • Zero-Training Policy: User data is never used to train our foundation models or third-party LLMs.
  • Ephemeral Inference: Data is processed in-memory for generating results and anonymized for telemetry.

5. Sub-processors and Data Transfers

Your data is stored within the EU (Frankfurt/Paris) via AWS and Supabase.

Note on Data Storage: While the front-end distribution is managed globally via Vercel, the primary production databases and sensitive user data are strictly hosted within the European Union to ensure GDPR compliance.

6. Data Retention Periods

Account data is retained for the duration of activity plus 3 years. Billing data is retained for 10 years per French fiscal requirements.

7. Data Security

Security architecture: AES-256 encryption at rest, TLS 1.3 in transit, and Row Level Security (RLS) enforcement via Supabase.

8. Your Rights

You retain rights to access, rectification, and erasure. To exercise these rights, contact the DPO at privacy@ziyon.fr.